Authentication Bypass in Phoenix Contact ILC PLC Web Server
CVE-2016-8371

7.3HIGH

Key Information:

Vendor: Phoenix Contact
Status: Phoenix Contact Ilc Plcs
Vendor: CVE Published:; 5 April 2018

Summary

The web server in Phoenix Contact ILC PLCs is susceptible to an authentication bypass vulnerability, allowing unauthorized users to access the server without the need for authentication, even when the authentication mechanism is activated. This poses significant security risks, exposing sensitive information and functionalities to potential attackers.

Affected Version(s)

Phoenix Contact ILC PLCs All ILC 1xx PLCs

References

https://ics-cert.us-cert.gov/advisories/ICSA-313-01

x_refsource_MISC

https://www.exploit-db.com/exploits/45590/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/94163

vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2018
Vulnerability Reserved
Sep 28, 2016

.

CVE-2016-8371 : Authentication Bypass in Phoenix Contact ILC PLC Web Server | SecurityVulnerability.io